Talk:Wikimedia Labs/Agreement to disclosure of personally identifiable information
If I create an account in Gerrit, will my IP address be exposed too? Because this page seems to make no exceptions while this other says that it'll only apply to End-Users. I'd like a clarification on this. Thanks. --Marco Aurelio (talk • meta) 20:19, 1 February 2013 (UTC)
- If you're just using Gerrit, there isn't any place where your IP would be exposed to other users. ^demon (talk) 20:41, 1 February 2013 (UTC)
- could you detail what you then mean with "ip address will be made _publically_ available"? --ThurnerRupert (talk) 14:28, 22 June 2013 (UTC)
- This does look like a critical page to be in draft status. There really needs to be a link to additional information, and explanation of scope and responsibility of parties involved.
- For example suppose a volunteer leaks my password to a cyber-criminal who abuses it, is the foundation responsible for any subsequent loss?
- Why is it necessary to make user's IP addresses public? We already have too many people looking at this data on the projects.
- When will this policy be enacted? Is it possible to delete ones personal data? 22.214.171.124 22:54, 19 August 2013 (UTC)
- They are accessible to project admins of the tools project, and project admins or possibly project members of other projects. No project should be making your IP address publicly available. The policy simply states that if you make an account on any labs project (other than tools.wmflabs.org) that your IP address will be accessible to the people who manage that project's infrastructure. WMF does not manage the individual projects. They are community maintained (and hence the policy), so to have an account deleted on one, you'll need to request to have it deleted there. If you can not reach anyone at the project, please contact us with the specifics and we'll find someone who can handle it.
Request to re-word
Based on Ryan's clarification above, the Agreement seems poorly phrased. I suggest the following two changes:
- Ryan states above "No project should be making your IP address publicly available" and yet the Agreement states "[You] agree your IP address will be made publicly available". If Ryan is correct, then the statement in the Agreement should be qualified as to who will have access to IP address records.
- I am currently in the process of setting up my labs account, according to the Agreement this seems to mean that I could rapidly get access to anyone's password without having any specific trusted role. Could this be changed to being limited to admins on this project or bureaucrats (or whatever the equivalent might be) of other projects?
PS I note this has been draft for nearly a year. While marked as draft, it cannot be considered in place, so referring to it in the account set-up process as if it were, is a mistake.
Access to passwords
No one needs access to passwords. I am mystified that we don't simply use SUL for that, but even if we are using a local system, passwords should never be stored or transmitted en clair, and the encrypted versions should be guarded to the utmost extent possible.